Apex: Extending Android Permission Model and Enforcement with User-defined Runtime Constraints
|
|
- Dina Lamb
- 5 years ago
- Views:
Transcription
1 Apex: Extending Android Permission Model and Enforcement with User-defined Runtime Constraints Mohammad Nauman Institute of Management Sciences, Pakistan Sohail Khan School of Electrical Engineering and Computer Science, NUST Pakistan Xinwen Zhang Samsung Information Systems America, USA ABSTRACT Android is the first mass-produced consumer-market open source mobile platform that allows developers to easily create applications and users to readily install them. However, giving users the ability to install third-party applications poses serious security concerns. While the existing security mechanism in Android allows a mobile phone user to see which resources an application requires, she has no choice but to allow access to all the requested permissions if she wishes to use the applications. There is no way of granting some permissions and denying others. Moreover, there is no way of restricting the usage of resources based on runtime constraints such as the location of the device or the number of times a resource has been previously used. In this paper, we present Apex a policy enforcement framework for Android that allows a user to selectively grant permissions to applications as well as impose constraints on the usage of resources. We also describe an extended package installer that allows the user to set these constraints through an easy-touse interface. Our enforcement framework is implemented through a minimal change to the existing Android code base and is backward compatible with the current security mechanism. Categories and Subject Descriptors D.4.6 [OPERATING SYSTEMS]: Security and Protection Access controls General Terms Security Keywords Mobile platforms, Android, Policy Framework, Constraints 1. INTRODUCTION In the current scenario of mobile platforms, Android [3] is among the most popular open source and fully customizable Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, to republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. ASIACCS 10 April 13 16, 2010, Beijing, China. Copyright 2010 ACM /10/04...$ software stacks for mobile devices. Introduced by Google, it includes an operating system, system utilities, middleware in the form of a virtual machine, and a set of core applications including a web browser, dialer, calculator and a few others. Third party developers creating applications for Android can submit their applications to Android Market from where users can download and install them. While this provides a high level of availability of unique, specialized or general purpose applications, it also gives rise to serious security concerns. When a user installs an application, she has to trust that the application will not misuse her phone s resources. At install-time, Android presents the list of permissions requested by the application, which have to be granted if the user wishes to continue with the installation. This is an all-or-nothing decision in which the user can either allow all permissions or give up the ability to install the application. Moreover, once the user grants the permissions, there is no way of revoking these permissions from an installed application, or imposing constraints on how, when and under what conditions these permissions can be used. Consider a weather update application that reads a user s location from her phone and provides timely weather updates. It can receive location information in two ways. It may read it automatically from gps or prompt the user to manually enter her location if gps is unavailable. In Android, the application must request permission to read location information at install-time and if the user permits it, the application has access to her exact location even though such precision is not necessary for providing weather updates. If however, she denies the permission, the application cannot be installed. The user therefore does not have a choice to protect the privacy of her location if she wishes to use the application for which the exact location isn t even necessary and the application itself provides an alternative. To address these problems, we have developed Android Permission Extension (Apex) framework, a comprehensive policy enforcement mechanism for the Android platform. Apex gives a user several options for restricting the usage of phone resources by different applications. The user may grant some permissions and deny others. This allows the user to use part of the functionality provided by the application while still restricting access to critical and/or costly resources. Apex also allows the user to impose runtime constraints on the usage of resources. Finally, the user may wish to restrict the usage of the resources depending on an application s use e.g., limiting the number of sms messages sent each day. We define the semantics of Apex as well as the policy model used to describe these constraints. We also de-
2 scribe an extended package installer which allows end-users to specify their constraints without having to learn a policy language. Apex and the extended installer are both implemented with a minimal and backward compatible change in the existing architecture and code base of Android for better acceptability in the community. 2. BACKGROUND 2.1 Android Architecture Android architecture is composed in layers. These are the application layer, application framework layer, Android runtime and system libraries. Applications are composed of one or more different components. There are four types of components namely activities, services, broadcast receivers and content providers. Activities include a visible interface of the application. Service components are used for background processing which does not require a visible interface. The broadcast receiver component receives and responds to messages broadcast by application code. Finally, content providers enable the creation of a custom interface for storing and retrieving data in different types of data stores such as filesystems or sqlite databases. The application framework layer enables the use or reuse of different low-level components. Android also includes a set of system libraries, which are used by different components of Android. Components of an application can interact with other components both within the application and outside it using a specialized inter-component communication mechanism based on Intents. An intent is an abstract representation of an action to be performed [4]. Intents can either be sent to a specific component called explicit intents or broadcast to the Android framework, which passes it on to the appropriate components. These intents are called implicit intents and are much more commonly used. Both of these types share the same permission mechanism and for the sake of clarity, we only consider implicit intents in this paper. 2.2 Motivating Example In order to demonstrate the existing Android security framework and its limitations, we have created a set of four example applications as a case study, which is representative of a large class of applications available in the Android Market. Ringlet is a sample application that performs several tasks using different low-level components like gprs, mms, gps etc. It accesses three other applications, each gathering data from a different social network facebook, twitter and flickr. On receiving user name/password pairs, Ringlet passes on the username and passwords of the social networks to their respective back-end services. The back-end services connect the user to the three networks at the same time and extract updates from the social network sites to their respective content provider datastores on the phone. The front-end gui receives messages from the content providers, displays these messages to the user in one streamlined interface and allows her to reply back to the messages or forward these messages to a contact via sms or mms. It should be noted that several applications similar to Ringlet are available on the Android Market that use several permissions such as sending sms and accessing the location of the user. If a user downloads several applications for different purposes and grants all requested permissions to all applications, there is no way of ensuring that none of the applications will misuse these permissions. In essence, there are four issues: (1) The user has to grant all permissions in order to be able to install the application; (2) there is no way of restricting the extent to which an application may use the granted permissions; (3) since all permissions are based on singular, install-time checks, access to resources cannot be restricted based on dynamic constraints such as the location of the user or the time of the day; and (4) the only way of revoking permissions once they are granted to an application is to uninstall the application. We address these issues by enhancing the existing security architecture of Android for enabling the user to restrict the usage limit of both newly installed applications as well as applications installed in the past. In the following section, we formally describe a policy model for this purpose and then detail how it has been incorporated in the existing security mechanism of the Android framework. 3. ANDROID USAGE POLICIES In this section, we first present a logical model of the existing Android security mechanism that focuses on the semantics of Inter-Component Communication ( icc). The model covers the semantics of intents, intent filters and the permission logic for granting or denying access to resources. Afterwards, we describe the policy model used for extending the permission mechanism of Android to incorporate userdefined dynamic constraints. In traditional access control models, policies revolve around the abstractions of subjects, objects and rights. In system-level permission models, policies are based on processes, users, resources and rights. Android s security framework differs slightly from both of these approaches in that 1) the security model differentiates between the different modules of a single application and 2) there is usually only one user per device. Each application consists of different modular portions termed as components. An application a 1 might be allowed access to one component of application a 2 but not another. This allows an application to make parts of its functionality publicly available to other applications while keeping the rest of the components protected. In this way, the smallest unit of an application, with respect to the Android security framework, is the component. We therefore define our security framework on the basis of components of applications. Definition 1 (Applications and Components). The set of applications and components in Android are denoted by A and C respectively and a component association function ς : C A associates each component with a unique application. Inter-Component Communication (icc) in Android is accomplished through the concept of Intents. Intents encapsulate the information associated with the icc call. The action string describes the action to be performed, data acts an argument for the action, category specifies the type of the component that should handle the intent and the extras field includes other arbitrary information associated with the raised intent. For example, in our motivating example (cf. Section 2.2), an intent of action string edu.apex.android.ringlet.fkringlet.post, data "New Image Caption", category "edu.apex.android.category.category_-
3 photo" and an image in the extras field can be used to post an image to the user s flickr profile. Formally, Definition 2 (Intent). An intent is a 4-tuple (α, σ, γ, ɛ), where α is an action string describing the action to be performed, σ is a string representing the data, γ is the string representing the category and ɛ : name val is a function that maps names of extra information to their values. The set of intents is denoted as I. Any application willing to serve an intent describes its willingness using the <IntentFilter> tag in the manifest file. An intent filter can be used to describe the fine grained details of the intent an application is willing to serve including the action string, data and the category of the intent. We formalize intent filters using action strings that they serve. This allows for a cleaner formalization without lack of generality. We define an intent filter as: Definition 3 (Intent Filter). An intent filter is an application s willingness to serve an intent. Intent filters are associated with individual components of applications. An intent-filter association function A f : C 2 F maps each component of an application to a set of intent filters where F is the set of intent filters and I F. If a component c C has an intent filter f, we write f A f (c). Example 1. The flickr service exposes the action string edu.apex.android.intents.fks_intent in its intent filter. This intent filter catches all intents matching this action string, which can then be used to start the flickr service. Components associated with intent filters may impose restrictions on which applications may call them. These restrictions are defined using the concept of permissions. When an application provider writes an application, she provides a list of intent filters that are supported by different components of the application. Moreover, she can associate permissions with the individual components of the application. This would ensure that only an application that possesses the required permissions can call the component through the given intent. Permissions are first declared (as a unique string in <Permission> tag) and then associated with a component using android:permission attribute of <activity>, <service>, <receiver> or <provider> tag [6]. Note that these are the permissions required by the target component, not those granted to the calling component. Definition 4 (Permissions). A permission declares the requirements posed by a component for accessing it. A permission association function A p : C P associates each component to a single 1 permission where P is the set of permissions. If a component c C requires that a calling component have a permission p P, then we write p = A p(c). Applications are granted specific permissions by the Android framework at install-time. The manifest file includes one or more <uses-permission> tags that specify the permissions required by the application to function properly. During installation of the application, the user is presented with an interface listing the requested permissions. If the user chooses to grant these permissions, the application is installed and thus granted the requested permissions. Formally: 1 A feature can be protected by at most one permission. [5] Definition 5 (Uses-Permissions). A uses-permission construct declares the permissions granted to the application by the user at install-time. Permissions are associated with applications rather than their individual components. The basic permission function µ : A 2 P is a function that maps an application to the permissions it is granted where A is the set of applications and P is the set of permissions. Since we base our formalization on the concept of components, we define a second permission function ρ that defines the permission of one component to call another with a specific intent. The permission function is defined as follows: Definition 6 (Permission Function). The permission function ρ defines the complete set of conditions under which a component c 1 is allowed to call another component c 2. c 1 can communicate with c 2 if and only if either 1) there is no permission associated with the second component or 2) the application to which c 1 belongs has been granted the permission required by c 2. Formally: ρ(c 1, c 2, i) A p(c 2) = null p P, a A a = ς(c 1) p = A p(c 2) p µ(a 1) i A f (c 2) Example 2. The facebook service component declares the permission edu.apex.android.permission.fbs_start in its android:permission attribute. In order to be able to raise the intent for starting the facebook service, the Ringlet activity needs to have this permission granted to it. This example concludes our formalization of the existing security mechanism provided by Android. It is evident that in this mechanism, there is no way of specifying complex or fine-grained runtime constraints for permissions. Below, we describe how we have enhanced this mechanism to include dynamic constraints on permissions. 3.1 Dynamic Constraints For associating dynamic constraints with permissions, we introduce the concept of application attributes. Each application in Android is associated with a finite set of attributes. The application state is a function that maps the attributes of an application to their values. The application state is a persistent structure that maintains its values between different system sessions. Definition 7 (Application State). An application state is a function τ : η(a) dom(η(a)), where A is the set of applications, η is the function that maps an application to a set of attribute names, and dom(x) is the value domain of attribute set x of an application a A. Example 3. The Ringlet application has several attributes associated with it such as sentmms, which captures the number of mms that have been sent by the application. Each application can have a different set of attributes. Existing Android applications for which no attributes are defined can be considered as having an empty set of attribute names associated with them. Constraints for permissions are defined in terms of predicates functions that map the set of application attributes,
4 system attributes and constants to boolean values. A predicate returns true if and only if the attribute values in the current application state satisfy the conditions of the predicates. We denote the set of predicates as Q. An application transitions from one state to another as a result of a change in the value of the application s attributes. This change is captured by an attribute update action. Definition 8 (Attribute Update Action). An attribute update action u(a.x, v ) : τ τ is a function that maps the value of an attribute x η(a) of an application a A to a new value v dom(η(a)). Attribute updates play a key role in our policy framework. Predicates based on these attributes are used for two purposes. First, they are used to specify the conditions under which a permission may be granted. Second, they can cause an update action to be triggered, which may modify the values of attributes. Conditions and updates are both specified in a policy. Definition 9 (Policy). A policy defines the conditions under which an application is granted a permission. It consists of two input parameters an application and a permission on which it is applicable, an authorization rule composed of predicates that specify the conditions under which the permission is granted/denied and a set of attribute update actions, which are to be performed if the conditions in the authorization rule are satisfied. Specifically: l(a, p): q 1 q 2 q 3... q n {permit, deny} u 1; u 2; u 3;... ; u n where a A, p P, q i Q, u i are attribute update actions, l Λ and Λ is the set of policies in the system. The right-hand-side of the authorization rule defines the value returned by the policy. Note that if the predicates in an authorization rule are satisfied, updates specified in the policy are performed regardless of the return value of the authorization rule. A policy is applied to a specific application state. Attribute values in the particular state determine the truth value of the predicates. If the predicates are satisfied, the permission is either granted or denied (depending on the return value of the authorization rule) and the updates specified in the policy are executed resulting in a new state. This may render predicates in other policies true, thus allowing for the dynamic nature of the policy-based constraints on permissions. We incorporate these policies in the existing security model of Android by redefining the permission function ρ. Definition 10 (Dynamic Permission Function). The dynamic permission function specifies the conditions under which a component c 1 is granted permission to call another component c 2 using intent i. It incorporates the static checks as well as the dynamic runtime constraints in its evaluation. For a permission to be granted, Android s permission checks must grant the permission and there must not be a policy that denies the permission. Formally: ρ(c 1, c 2, i) A p(c 2) = null p P, a A a = ς(c 1) p = A p(c 2) p µ(a 1) i A f (c 2) l Λ l(a, p) = deny Example 4. The Ringlet activity is able to include the location of the user in the messages posted. Similar to the weather update example given in Section 1, the user may wish to restrict access to gps for protecting her privacy. Using dynamic constraints, she may define a policy that denies access to gps at all times. The constraint in the policy is set to true and the authorization rule to deny with no updates. Using this policy, she may install Ringlet and use it for all other functionality while still protecting the privacy of her location. Similarly, she may define a policy that imposes a limit on Ringlet s ability to send updates through mms messages, say 5 each day, thereby controlling the carrier costs at a fine-grained level. For the implementation of Apex, we have defined a policy language that allows the user to define her policies including dynamic constraints. Figure 1 shows how both of the above example policies can be depicted in our language. We have incorporated the policy model in the existing android security mechanism and inter-component communication mechanism. This includes changes to the activity manager, the package manager and the permission checking mechanisms associated with these components. However, we are unable to include the details of this implementation here due to space limitations. 4. POLY ANDROID INSTALLER Writing usage policies is a complex procedure, even for system administrators. Android is targeted at the consumer market and the end users are, in general, unable to write mms_count_allow ("edu.apex.ringlet.ringlet" as Ringlet, Ringlet.sentMms <= 5 Ringlet.lastUsedDay = System.CurrentDay permit(ringlet, MMS); Ringlet.sentMms = Ringlet.sentMms + 1; mms_count_deny ("edu.apex.ringlet.ringlet" as Ringlet, Ringlet.sentMms > 5 Ringlet.lastUsedDay = System.CurrentDay deny(ringlet, MMS); reset_mms_count ("edu.apex.ringlet.ringlet" as Ringlet, Ringlet.lastUsedDay! = System.CurrentDay permit(ringlet, MMS); Ringlet.lastUsedDay = System.CurrentDay; Ringlet.sentMms = 1; deny_gps ("edu.apex.ringlet.ringlet" as Ringlet, "android.permission.access_fine_location" as GPS): System.CurrentTime > 1700 System.CurrentTime < 0900 deny(ringlet, GPS); restrict_internet ("edu.ringlet.ringlet" as Ringlet, "android.permission.internet" as Net): true deny(ringlet, Net); Figure 1: Example Apex Policies
5 complex usage policies. One of the most important aspects of our new policy enforcement framework is the usability of the architecture. To this end, we have created Poly an advanced Android application installer. Poly augments the existing package installer by allowing users to specify their constraints for each permission at install time using a simple and usable interface. In the existing Android framework, the user is presented with an interface that lists the permissions required by an application. We have extended the installer to allow the user to click on individual permissions and specify their constraints. When a user clicks on a permission she is presented with an interface that allows her to pick one of a few options. 1. For the novice user, the default setting is to allow. The default behavior of Android installer is also to allow all permissions, if the user agrees to install an application. This is a major usability feature that makes the behavior of the existing Android installer a subset of Poly and will hopefully allow for easier adoption of our constrained policy enforcement framework. 2. The deny option allows a user to selectively deny a permission as opposed to the all-or-nothing approach of the existing security mechanism. For example, Alice downloads an application that asks for several permissions including the one associated with sending sms. Alice may wish to stop the application from sending sms while still being able to install the application and use all other features. In Poly, Alice can simply tap on the send sms permission and set it to deny. 3. The third option is the constrained permission. This is the main concern of this contribution and has been discussed at length in the previous sections. An important point to note here is that currently, we have incorporated only simple constraints such as restricting the number of times used and the time of the day in which to grant a permission. This simplification is for the sake of usability. We aim to develop a fully functional desktop application, which will allow expert users to write very fine-grained policies. For the implementation of Poly we have extended the Figure 2: Poly Installation Interface: By clicking on a permission, the user can deny or impose constraints on that permission while still granting all others. PackageInstallerActivity. Figure 2 shows the screens as presented to the user during installation. Moreover, we also allow users to modify their constraints even after install-time. For this purpose, we have provided the same interface in the settings application of Android (com.android.settings.manageapplications class) so that the constraints may be modified as the user s trust on an application increases or decreases over time. We believe that our comprehensive constrained policy mechanism coupled with the usable and flexible user interface of Poly provides a secure, yet user-friendly security mechanism for the Android platform. 5. CONCLUSION AND FUTURE WORK In this paper, we have described Apex an extension to the Android permission framework. Apex allows users to specify detailed runtime constraints to restrict the use of sensitive resources by applications. The framework achieves this with a minimal trade-off between security and performance. The user can specify her constraints through a simple interface of the extended Android installer called Poly. The extensions are incorporated in the Android framework with a minimal change in the codebase and the user interface of existing security architecture. Our model is significantly different from related efforts [7, 1, 2] in that not only does it define an easy-to-use policy language, it is also user-centric. It allows users to make decisions about permissions on their device rather than automating the decisions based on the policies of remote owners. Secondly, it allows finer-granular control over usage through constructs such as attribute updates. 6. REFERENCES [1] William Enck, Machigar Ongtang, and Patrick McDaniel. On lightweight mobile phone application certification. In CCS 09: Proceedings of the 16th ACM conference on Computer and communications security, pages , New York, NY, USA, ACM. [2] Adam P. Fuchs, Avik Chaudhuri, and Jeffrey S. Foster. SCanDroid: Automated Security Certification of Android Applications. In Submitted to IEEE S&P 10: Proceedings of the 31st IEEE Symposium on Security and Privacy, [3] Google. Android Home Page, Available at: [4] Google. Android Reference: Intent, Available at: content/intent.html. [5] Google. Android Reference: Manifest File - Permissions, Available at: manifest/manifest-intro.html\#perms. [6] Google. Android Reference: Security and Permissions, Available at: guide/topics/security/security.html. [7] M. Ongtang, S. McLaughlin, W. Enck, and P. McDaniel. Semantically Rich Application-Centric Security in Android. In Proceedings of the Annual Computer Security Applications Conference, 2009.
Design and Implementation of a Fine-grained Resource Usage Model for the Android Platform
440 The International Arab Journal of Information Technology, Vol. 8, No. 4, October 2011 Design and Implementation of a Fine-grained Resource Usage Model for the Android Platform Mohammad Nauman 1 and
More informationLecture 08. Android Permissions Demystified. Adrienne Porter Felt, Erika Chin, Steve Hanna, Dawn Song, David Wagner. Operating Systems Practical
Lecture 08 Android Permissions Demystified Adrienne Porter Felt, Erika Chin, Steve Hanna, Dawn Song, David Wagner Operating Systems Practical 20 November, 2013 OSP Lecture 08, Android Permissions Demystified
More informationPAPER ON ANDROID ESWAR COLLEGE OF ENGINEERING SUBMITTED BY:
PAPER ON ANDROID ESWAR COLLEGE OF ENGINEERING SUBMITTED BY: K.VENU 10JE1A0555 Venu0555@gmail.com B.POTHURAJU 10JE1A0428 eswr10je1a0410@gmail.com ABSTRACT early prototypes, basic building blocks of an android
More informationA Framework for Enforcing Constrained RBAC Policies
A Framework for Enforcing Constrained RBAC Policies Jason Crampton Information Security Group Royal Holloway, University of London jason.crampton@rhul.ac.uk Hemanth Khambhammettu Information Security Group
More informationTechnical Overview. Version March 2018 Author: Vittorio Bertola
Technical Overview Version 1.2.3 26 March 2018 Author: Vittorio Bertola vittorio.bertola@open-xchange.com This document is copyrighted by its authors and is released under a CC-BY-ND-3.0 license, which
More informationContextion: A Framework for Developing Context-Aware Mobile Applications
Contextion: A Framework for Developing Context-Aware Mobile Applications Elizabeth Williams, Jeff Gray Department of Computer Science, University of Alabama eawilliams2@crimson.ua.edu, gray@cs.ua.edu Abstract
More informationSecurity Philosophy. Humans have difficulty understanding risk
Android Security Security Philosophy Humans have difficulty understanding risk Safer to assume that Most developers do not understand security Most users do not understand security Security philosophy
More informationThe Center for Affiliated Learning ( the CAL ) Privacy Policy
The Center for Affiliated Learning ( the CAL ) Privacy Policy Welcome to the Center for Affiliated Learning ( the CAL ) an education and training platform owned and operated by Affiliates Risk Management
More informationLecture Embedded System Security
Lecture Embedded System Security Prof. Dr.-Ing. Ahmad-Reza Sadeghi System Security Lab Technische Universität Darmstadt (CASED) Germany Summer Term 2011 Overview Introduction Android Software Stack Android
More informationAn Access Control Model for Collaborative Management of Shared Data in OSNS
An Access Control Model for Collaborative Management of Shared Data in OSNS Ch. Aruna 1, G. Minni 2 1 M.Tech, Nimra College of Engineering & Technology, Vijayawada, A.P., India. 2 Asst. Professor, Dept.of
More informationAn Enhanced Security Policy Framework for Android
All rights are reserved and copyright of this manuscript belongs to the authors. This manuscript has been published without reviewing and editing as received from the authors: posting the manuscript to
More information6.858 Quiz 2 Review. Android Security. Haogang Chen Nov 24, 2014
6.858 Quiz 2 Review Android Security Haogang Chen Nov 24, 2014 1 Security layers Layer Role Reference Monitor Mandatory Access Control (MAC) for RPC: enforce access control policy for shared resources
More informationHow to Exploit Abstract User Interfaces in MARIA
How to Exploit Abstract User Interfaces in MARIA Fabio Paternò, Carmen Santoro, Lucio Davide Spano CNR-ISTI, HIIS Laboratory Via Moruzzi 1, 56124 Pisa, Italy {fabio.paterno, carmen.santoro, lucio.davide.spano}@isti.cnr.it
More informationThe security mechanisms of Java
The security mechanisms of Java Carlo U. Nicola, SGI FHNW With extracts from publications of : Sun developers' center documentation; David A. Wheeler, UC Berkeley; Klaus Ostermann, TH-Darmstadt. Topics
More informationWhen Java technology burst onto the Internet scene in 1995,
MOBILE CODE SECURITY SECURE JAVA CLASS LOADING The class loading mechanism, LI GONG Sun Microsystems central to Java, plays a key role in JDK 1.2 by enabling When Java technology burst onto the Internet
More informationSTUDY OF PRIVILEGE ESCALATION ATTACK ON ANDROID AND ITS COUNTERMEASURES
STUDY OF PRIVILEGE ESCALATION ATTACK ON ANDROID AND ITS COUNTERMEASURES REJO MATHEW Department of Information Technology, NMIMS University, MPSTME, Mumbai, Maharashtra 400056, India rejo.mathew@nmims.edu
More informationAn Attribute-Based Access Matrix Model
An Attribute-Based Access Matrix Model Xinwen Zhang Lab for Information Security Technology George Mason University xzhang6@gmu.edu Yingjiu Li School of Information Systems Singapore Management University
More informationAnalysis of Social Networking Privacy Policies
Analysis of Social Networking Privacy Policies Leanne Wu, Maryam Majedi, Kambiz Ghazinour and Ken Barker Department of Computer Science University of Calgary 2500 University Dr. N.W. Calgary, Alberta,
More information2 Lecture Embedded System Security A.-R. Darmstadt, Android Security Extensions
2 Lecture Embedded System Security A.-R. Sadeghi, @TU Darmstadt, 2011-2014 Android Security Extensions App A Perm. P 1 App B Perm. P 2 Perm. P 3 Kirin [2009] Reference Monitor Prevents the installation
More informationSelf-Service Portal Implementation Guide
Self-Service Portal Implementation Guide Salesforce, Spring 6 @salesforcedocs Last updated: April 7, 06 Copyright 000 06 salesforce.com, inc. All rights reserved. Salesforce is a registered trademark of
More informationAn Approach to VoiceXML Application Modeling
An Approach to Application Modeling Xin Ni 1 Meng Ye 2 Lianhong Cai 3 1,3 Tsinghua University, Beijing, China 2 IBM China Research Lab nx01@mails.tsinghua.edu.cn, yemeng@cn.ibm.com, clh-dcs@tsinghua.edu.cn
More informationAndroid System Architecture. Android Application Fundamentals. Applications in Android. Apps in the Android OS. Program Model 8/31/2015
Android System Architecture Android Application Fundamentals Applications in Android All source code, resources, and data are compiled into a single archive file. The file uses the.apk suffix and is used
More informationCondor Local File System Sandbox Requirements Document
Condor Local File System Sandbox Requirements Document Requirements Document 1 1 Table of Contents 1 Table of Contents 2 2 Introduction 3 3 Describing the problem space 3 4 Defining the project's scope
More informationAutomatic Generation of Graph Models for Model Checking
Automatic Generation of Graph Models for Model Checking E.J. Smulders University of Twente edwin.smulders@gmail.com ABSTRACT There exist many methods to prove the correctness of applications and verify
More informationPayThankYou LLC Privacy Policy
PayThankYou LLC Privacy Policy Last Revised: August 7, 2017. The most current version of this Privacy Policy may be viewed at any time on the PayThankYou website. Summary This Privacy Policy covers the
More informationDROPBOX.COM - PRIVACY POLICY
Dropbox Privacy Policy Last Modified: October 15, 2012 This Privacy Policy provides our policies and procedures for collecting, using, and disclosing your information. Users can access the Dropbox service
More informationSMART DEVICES: DO THEY RESPECT YOUR PRIVACY?
SMART DEVICES: DO THEY RESPECT YOUR PRIVACY? Systems and Mobile Research Lab, Department of Computer Science and Engineering INDIAN INSTITUTE OF TECHNOLOGY KHARAGPUR Presenter: Sandip Chakraborty sandipc@cse.iitkgp.ac.in
More informationA Framework for Distributed Authorization*
A Framework for Distributed Authorization* (Extended Abstract) Thomas Y.C. Woo Simon S. Lam Department of Computer Sciences The University of Texas at Austin Austin, Texas 78712-1188 1 Introduction Security
More informationAn Android runtime security policy enforcement framework
Pers Ubiquit Comput (2012) 16:631 641 DOI 10.1007/s00779-011-0437-6 ORIGINAL ARTICLE An Android runtime security policy enforcement framework Hammad Banuri Masoom Alam Shahryar Khan Jawad Manzoor Bahar
More informationAn Effective Access Control Scheme for Preventing Permission Leak in Android
An Effective Access Control Scheme for Preventing Permission Leak in Android Longfei Wu 1, Xiaojiang Du 1, and Hongli Zhang 2 1 Department of Computer and Information Science, Temple University, Philadelphia,
More informationCore Role Based Access Control (RBAC) mechanism for MySQL
Core Role Based Access Control (RBAC) mechanism for MySQL by Ian Molloy Radu Dondera Umang Sharan CS541 Project Report Under the Guidance of Prof. Elisa Bertino With the Department of Computer Science
More informationFederated authentication for e-infrastructures
Federated authentication for e-infrastructures 5 September 2014 Federated Authentication for E-Infrastructures Jisc Published under the CC BY 4.0 licence creativecommons.org/licenses/by/4.0/ Contents Introduction
More informationTechnical Disclosure Commons
Technical Disclosure Commons Defensive Publications Series April 24, 2017 Bandwidth Pooling Alok Talekar Follow this and additional works at: http://www.tdcommons.org/dpubs_series Recommended Citation
More informationFederated Authentication for E-Infrastructures
Federated Authentication for E-Infrastructures A growing challenge for on-line e-infrastructures is to manage an increasing number of user accounts, ensuring that accounts are only used by their intended
More informationWork with the Outreach App. Schoolwires Centricity2
Work with the Centricity2 Trademark Notice, the logos, and the unique trade dress of are the trademarks, service marks, trade dress and logos of, Inc. All other trademarks, service marks, trade dress and
More informationEasy Survey Creator: User s Guide
Easy Survey Creator: User s Guide The Easy Survey Creator software is designed to enable faculty, staff, and students at the University of Iowa Psychology Department to quickly and easily create surveys
More informationLanguage-Based Security on Android (call for participation) Avik Chaudhuri
+ Language-Based Security on Android (call for participation) Avik Chaudhuri + What is Android? Open-source platform for mobile devices Designed to be a complete software stack Operating system Middleware
More informationAssignment 4: Semantics
Assignment 4: Semantics 15-411: Compiler Design Jan Hoffmann Jonathan Burns, DeeDee Han, Anatol Liu, Alice Rao Due Thursday, November 3, 2016 (9:00am) Reminder: Assignments are individual assignments,
More informationNPR.ORG - PRIVACY POLICY
Effective Date February 06, 2013 See related: NPR Terms of Use At NPR, we recognize the importance of privacy to visitors of NPR.org, NPR's mobile sites and applications, NPR's interactive voice response
More informationUnlocking Office 365 without a password. How to Secure Access to Your Business Information in the Cloud without needing to remember another password.
Unlocking Office 365 without a password How to Secure Access to Your Business Information in the Cloud without needing to remember another password. Introduction It is highly likely that if you have downloaded
More informationSearch Costs vs. User Satisfaction on Mobile
Search Costs vs. User Satisfaction on Mobile Manisha Verma, Emine Yilmaz University College London mverma@cs.ucl.ac.uk, emine.yilmaz@ucl.ac.uk Abstract. Information seeking is an interactive process where
More informationAccess Control Models
Access Control Models Dr. Natarajan Meghanathan Associate Professor of Computer Science Jackson State University E-mail: natarajan.meghanathan@jsums.edu Access Control Models Access Control to regulate
More informationON PRIVACY AND THE WEB
ON PRIVACY AND THE WEB Wesley A Brandi Martin S Olivier Information and Computer Security Architectures Research Group Department of Computer Science, University of Pretoria, Pretoria ABSTRACT Chor et
More informationSecurity and privacy in the smartphone ecosystem: Final progress report
Security and privacy in the smartphone ecosystem: Final progress report Alexios Mylonas Athens University of Economics & Business Overview 2 Research Motivation Related work Objective Approach Methodology
More informationOpenChain Specification Version 1.2 pc6 (DRAFT) [With Edit Markups Turned Off]
OpenChain Specification Version 1.2 pc6 (DRAFT) [With Edit Markups Turned Off] DRAFT: This is the near final draft of the 1.2 version of the OpenChain Specification. We have recently completed the final
More informationIntroduction to Android
Introduction to Android Ambient intelligence Alberto Monge Roffarello Politecnico di Torino, 2017/2018 Some slides and figures are taken from the Mobile Application Development (MAD) course Disclaimer
More informationA Java Execution Simulator
A Java Execution Simulator Steven Robbins Department of Computer Science University of Texas at San Antonio srobbins@cs.utsa.edu ABSTRACT This paper describes JES, a Java Execution Simulator that allows
More informationUser Control Mechanisms for Privacy Protection Should Go Hand in Hand with Privacy-Consequence Information: The Case of Smartphone Apps
User Control Mechanisms for Privacy Protection Should Go Hand in Hand with Privacy-Consequence Information: The Case of Smartphone Apps Position Paper Gökhan Bal, Kai Rannenberg Goethe University Frankfurt
More informationAutomated Assessment of Security Risks for Mobile Applications
Automated Assessment of Security Risks for Mobile Applications Rahul Pandita, Xusheng Xiao, Wei Yang, William Enck, and Tao Xie Department of Computer Science North Carolina State University Lookout Mobile
More informationQualtrics Survey Software
Qualtrics Survey Software GETTING STARTED WITH QUALTRICS Qualtrics Survey Software 0 Contents Qualtrics Survey Software... 2 Welcome to Qualtrics!... 2 Getting Started... 2 Creating a New Survey... 5 Homepage
More informationA Haskell and Information Flow Control Approach to Safe Execution of Untrusted Web Applications
A Haskell and Information Flow Control Approach to Safe Execution of Untrusted Web Applications Deian Stefan Stanford University April 11, 2011 Joint work with David Mazières, Alejandro Russo, Daniel B.
More information5 OAuth Essentials for API Access Control
5 OAuth Essentials for API Access Control Introduction: How a Web Standard Enters the Enterprise OAuth s Roots in the Social Web OAuth puts the user in control of delegating access to an API. This allows
More informationChapter 5 Defining the Manifest
Introduction to Android Application Development, Android Essentials, Fifth Edition Chapter 5 Defining the Manifest Chapter 5 Overview Use the Android manifest file for configuring Android applications
More informationowncloud Android App Manual
owncloud Android App Manual Release 2.0.0 The owncloud developers December 14, 2017 CONTENTS 1 Using the owncloud Android App 1 1.1 Getting the owncloud Android App...................................
More informationC1: Define Security Requirements
OWASP Top 10 Proactive Controls IEEE Top 10 Software Security Design Flaws OWASP Top 10 Vulnerabilities Mitigated OWASP Mobile Top 10 Vulnerabilities Mitigated C1: Define Security Requirements A security
More informationContents. SSL-Based Services: HTTPS and FTPS 2. Generating A Certificate 2. Creating A Self-Signed Certificate 3. Obtaining A Signed Certificate 4
Contents SSL-Based Services: HTTPS and FTPS 2 Generating A Certificate 2 Creating A Self-Signed Certificate 3 Obtaining A Signed Certificate 4 Enabling Secure Services 5 SSL/TLS Security Level 5 A Note
More information1. What are the key components of Android Architecture? 2. What are the advantages of having an emulator within the Android environment?
1. What are the key components of Android Architecture? Android Architecture consists of 4 key components: - Linux Kernel - Libraries - Android Framework - Android Applications 2. What are the advantages
More informationEnforcing Multiple Security Policies for Android System*
2nd International Symposium on Computer, Communication, Control and Automation (3CA 2013) Enforcing Multiple Security Policies for System* Tao Guo guotao@itsec.gov.cn Puhan Zhang zhangph2008@gmail.com
More informationGetting Started Reliance Communications, Inc.
Getting Started Reliance Communications, Inc. 603 Mission Street Santa Cruz, CA 95060 888-527-5225 www.schoolmessenger.com Contents Before you Begin... 3 Bookmark Your Login Page... 3 Setting your Password...
More informationFacet Folders: Flexible Filter Hierarchies with Faceted Metadata
Facet Folders: Flexible Filter Hierarchies with Faceted Metadata Markus Weiland Dresden University of Technology Multimedia Technology Group 01062 Dresden, Germany mweiland@acm.org Raimund Dachselt University
More informationPerfect Timing. Alejandra Pardo : Manager Andrew Emrazian : Testing Brant Nielsen : Design Eric Budd : Documentation
Perfect Timing Alejandra Pardo : Manager Andrew Emrazian : Testing Brant Nielsen : Design Eric Budd : Documentation Problem & Solution College students do their best to plan out their daily tasks, but
More informationCisco TEO Adapter Guide for Microsoft System Center Operations Manager 2007
Cisco TEO Adapter Guide for Microsoft System Center Operations Manager 2007 Release 2.3 April 2012 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com
More informationIntelligent ranking for photo galleries using sharing intent
Technical Disclosure Commons Defensive Publications Series June 20, 2018 Intelligent ranking for photo galleries using sharing intent John Oberbeck Follow this and additional works at: https://www.tdcommons.org/dpubs_series
More informationTypestate-Oriented Design
Typestate-Oriented Design A Coloured Petri Net Approach Jorge Luis Guevara Díaz Department of Computer Science Institute of Mathematics and Statistics São Paulo University,São Paulo-Brazil jorjasso@vision.ime.usp.br
More informationPolicy Based Device Access Security Position Paper to Device Access Policy Working Group
1 (8) Policy Based Device Access Security Position Paper to Device Access Policy Working Group 2 (8) 1. INTRODUCTION Nokia has implemented a policy-based device access security model for its Web runtime
More informationATC Android Application Development
ATC Android Application Development 1. Android Framework and Android Studio b. Android Platform Architecture i. Linux Kernel ii. Hardware Abstraction Layer(HAL) iii. Android runtime iv. Native C/C++ Libraries
More informationOne of the fundamental kinds of websites that SharePoint 2010 allows
Chapter 1 Getting to Know Your Team Site In This Chapter Requesting a new team site and opening it in the browser Participating in a team site Changing your team site s home page One of the fundamental
More informationOperating systems and security - Overview
Operating systems and security - Overview Protection in Operating systems Protected objects Protecting memory, files User authentication, especially passwords Trusted operating systems, security kernels,
More informationOperating systems and security - Overview
Operating systems and security - Overview Protection in Operating systems Protected objects Protecting memory, files User authentication, especially passwords Trusted operating systems, security kernels,
More informationThe State of the Trust Gap in 2015
The State of the Trust Gap in 2015 The widespread use of mobile devices for work has driven a profound change in how employees think about the privacy of their personal data on mobile devices. Ten years
More informationPHILharmonicFlows: Towards a Framework for Object-aware Process Management
PHILharmonicFlows: Towards a Framework for Object-aware Process Management Vera Künzle 1,2 and Manfred Reichert 1 1 Institute of Databases and Information Systems, Ulm University, Germany {vera.kuenzle,manfred.reichert}@uni-ulm.de
More informationCisco TEO Adapter Guide for Microsoft Windows
Cisco TEO Adapter Guide for Microsoft Windows Release 2.3 April 2012 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800
More informationInstances and Classes. SOFTWARE ENGINEERING Christopher A. Welty David A. Ferrucci. 24 Summer 1999 intelligence
Instances and Classes in SOFTWARE ENGINEERING Christopher A. Welty David A. Ferrucci 24 Summer 1999 intelligence Software Engineering Over the past decade or so, one of the many areas that artificial intelligence
More informationOdyssey Entertainment Marketing, LLC Privacy Policy
Odyssey Entertainment Marketing, LLC Privacy Policy We collect the following types of information about you: Information you provide us directly: We ask for certain information such as your username, real
More informationA Privacy Preserving Model Bridging Data Provider and Collector Preferences
A Privacy Preserving Model Bridging Data Provider and Collector Preferences Kambiz Ghazinour University of Ottawa School of Electrical Engineering and Computer Science Ottawa, ON, K1N 6N5, Canada kghazino@uottawa.ca
More informationAmbiguity Handling in Mobile-capable Social Networks
Ambiguity Handling in Mobile-capable Social Networks Péter Ekler Department of Automation and Applied Informatics Budapest University of Technology and Economics peter.ekler@aut.bme.hu Abstract. Today
More informationXton Access Manager GETTING STARTED GUIDE
Xton Access Manager GETTING STARTED GUIDE XTON TECHNOLOGIES, LLC PHILADELPHIA Copyright 2017. Xton Technologies LLC. Contents Introduction... 2 Technical Support... 2 What is Xton Access Manager?... 3
More informationIntroduction C H A P T E R1. Exercises
C H A P T E R1 Introduction Chapter 1 provides a general overview of the nature and purpose of database systems. The most important concept in this chapter is that database systems allow data to be treated
More informationONE-STACK AUTOMATA AS ACCEPTORS OF CONTEXT-FREE LANGUAGES *
ONE-STACK AUTOMATA AS ACCEPTORS OF CONTEXT-FREE LANGUAGES * Pradip Peter Dey, Mohammad Amin, Bhaskar Raj Sinha and Alireza Farahani National University 3678 Aero Court San Diego, CA 92123 {pdey, mamin,
More informationIntel Authoring Tools for UPnP* Technologies
Intel Authoring Tools for UPnP* Technologies (Version 1.00, 05-07-2003) INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL PRODUCTS. NO LICENSE, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE,
More informationW H IT E P A P E R. Salesforce Security for the IT Executive
W HITEPAPER Salesforce Security for the IT Executive Contents Contents...1 Introduction...1 Background...1 Settings Related to Security and Compliance...1 Password Settings... 1 Session Settings... 2 Login
More informationEFFICIENT INTEGRATION OF SEMANTIC TECHNOLOGIES FOR PROFESSIONAL IMAGE ANNOTATION AND SEARCH
EFFICIENT INTEGRATION OF SEMANTIC TECHNOLOGIES FOR PROFESSIONAL IMAGE ANNOTATION AND SEARCH Andreas Walter FZI Forschungszentrum Informatik, Haid-und-Neu-Straße 10-14, 76131 Karlsruhe, Germany, awalter@fzi.de
More informationCS 6110 S11 Lecture 25 Typed λ-calculus 6 April 2011
CS 6110 S11 Lecture 25 Typed λ-calculus 6 April 2011 1 Introduction Type checking is a lightweight technique for proving simple properties of programs. Unlike theorem-proving techniques based on axiomatic
More informationowncloud Android App Manual
owncloud Android App Manual Release 2.7.0 The owncloud developers October 30, 2018 CONTENTS 1 Release Notes 1 1.1 Changes in 2.7.0............................................. 1 1.2 Changes in 2.6.0.............................................
More informationCapability based Command Security
Capability based Command Security SCSI commands standard proposal IBM Research Lab in Haifa February 2007 Table of Contents 1 General... 1 1.1 Overview...1 1.2 The Security Manager...2 1.3 Special Considerations...3
More informationAutomated Web Application Testing Using Selenium
Worcester Polytechnic Institute Digital WPI Major Qualifying Projects (All Years) Major Qualifying Projects March 2017 Automated Web Application Testing Using Selenium Benjamin I. Chaney Worcester Polytechnic
More information1 Introduction. 3 Syntax
CS 6110 S18 Lecture 19 Typed λ-calculus 1 Introduction Type checking is a lightweight technique for proving simple properties of programs. Unlike theorem-proving techniques based on axiomatic semantics,
More informationEkran System v Program Overview
Ekran System v. 5.1 Program Overview Contents About the Program Ekran Server & Management Tool Database Management Licensing Client Installation Monitoring Parameters Client Protection Advanced User Authentication
More informationAMCTHEATRES.COM - PRIVACY POLICY
Thank you for visiting AMCTheatres.com. AMC Entertainment Inc. values its relationship with guests, members and clients, and is committed to responsible information handling practices. This privacy policy
More informationHOW TO INCREASE RANKINGS IN GOOGLE AND YAHOO SERP S WHITE PAPER
HOW TO INCREASE RANKINGS IN GOOGLE AND YAHOO SERP S WHITE PAPER CONTENTS Positioning Statement... 3 Introduction... 3 Commonly Used SEO Tools And Techniques... 4 1. Reciprocal Linking:... 4 2. Buying Links:...
More information2. Methodology. 1. Introduction. Tie-RBAC: An application of RBAC to Social Networks. 2.1 Social Network Analysis
Tie-RBAC: An application of RBAC to Social Networks Antonio Tapiador, Diego Carrera, Joaquín Salvachúa Universidad Politécnica de Madrid Abstract This paper explores the application of role-based access
More informationA Framework for the Development of Distributed Interactive Applications
A Framework for the Development of Distributed Interactive Applications Luca Frosini HIIS Laboratory ISTI-CNR Via G. Moruzzi, 1 56124 Pisa (Italy) luca.frosini@isti.cnr.it +39 050 621 2602 Marco Manca
More informationTolbert Family SPADE Foundation Privacy Policy
Tolbert Family SPADE Foundation Privacy Policy We collect the following types of information about you: Information you provide us directly: We ask for certain information such as your username, real name,
More informationUsing JBI for Service-Oriented Integration (SOI)
Using JBI for -Oriented Integration (SOI) Ron Ten-Hove, Sun Microsystems January 27, 2006 2006, Sun Microsystems Inc. Introduction How do you use a service-oriented architecture (SOA)? This is an important
More informationChatter Answers Implementation Guide
Chatter Answers Implementation Guide Salesforce, Spring 16 @salesforcedocs Last updated: April 27, 2016 Copyright 2000 2016 salesforce.com, inc. All rights reserved. Salesforce is a registered trademark
More informationGetting started guide my Giving and Volunteering
Getting started guide my Giving and Volunteering What s inside: Setting up your mobile device Using the site to: o Find volunteer events o Record volunteer hours Get ready to make it your best year yet
More informationThe NoPlsql and Thick Database Paradigms
The NoPlsql and Thick Database Paradigms Part 2: Adopting ThickDB Toon Koppelaars Real-World Performance Oracle Server Technologies Bryn Llewellyn Distinguished Product Manager Oracle Server Technologies
More informationThree Levels of Access Control to Personal Health Records in a Healthcare Cloud
Three Levels of Access Control to Personal Health Records in a Healthcare Cloud Gabriel Sanchez Bautista and Ning Zhang School of Computer Science The University of Manchester Manchester M13 9PL, United
More informationRemote Health Service System based on Struts2 and Hibernate
St. Cloud State University therepository at St. Cloud State Culminating Projects in Computer Science and Information Technology Department of Computer Science and Information Technology 5-2017 Remote Health
More informationTagFS Tag Semantics for Hierarchical File Systems
TagFS Tag Semantics for Hierarchical File Systems Stephan Bloehdorn, Olaf Görlitz, Simon Schenk, Max Völkel Institute AIFB, University of Karlsruhe, Germany {bloehdorn}@aifb.uni-karlsruhe.de ISWeb, University
More information